An increasingly number of employees are now using their own laptops, tablets and other mobile device technology at work. The trend of ‘bringing your own device’ (BYOD) into the workplace is becoming both a blessing and curse. Whilst BYOD can present benefits for business, such as IT hardware cost savings and possibly better employee productivity, BYOD also creates some real security and management headaches for IT teams.
Un-managed, BYOD can result in data breaches – such as an employee losing a mobile device with confidential business data stored on it. Another problem of managing BYOD is tracking and controlling access to corporate and private networks. This is because, unlike guest access, which frequently uses an open, insecure wireless network, the potential sensitivity of BYOD means it requires a protected wireless protocol.
As well as the security issues of BYOD, in an environment where users are bringing in different technologies – other challenges emerge. These include having the necessary in-house resources to manage problems associated with differing operating systems – be it Linux or OS X or Windows. Employee hardware compatibility with an organisations’ software and applications must also be considered. Another concern is that most mobile devices are not designed for the enterprise, which means that administrative control and settings cannot be used in them.
BYOD adoption, does however, provide some major advantages for organisations. A key benefit is that organisations can save on the considerable procurement expense of these high value devices. Staff should also be more effective at work as they are using leading-edge technologies. Another plus is that as the devices are employees’ personal property, this ensures that they are better cared for.
Another advantage of BYOD, is that staff are free to choose their preferred technology for the workplace, rather than being assigned a company device. This is critical as it helps employees manage their own work/personal life balance – improving their motivation and morale. More employees are also starting to use highly effective business applications (BYOA – Bring Your Own App) – which may not have been available to them from their employers.
IT directors are now taking a more strategic approach to BYOD by incorporating the consumerisation of IT into their enterprise operations. Technology vendors are starting to offer both cloud-based solutions and multi-device applications, which deliver consistent experiences for smartphones, tablets, PCs and other mobile devices – using different operating systems.
Before unlocking their networks for multi-device usage, organisations must create an enterprise mobile device management plan – based on industry best practices. They should also ensure that proper security processes and additional IT resources are in place.
Organisations will also have to consider a more proactive security system that can manage all the endpoints and highlight potential attacks. Advanced options, such as white listing, will ultimately be required, rather than traditional anti-virus and firewall solutions. In the meantime, there is a good range of security software available to encrypt and protect corporate data on these devices.
- Create formal usage policies and processes – educating employees about BYOD policies, is essential, as well as communicating additional user security measures. To create these procedures successfully, IT and employees need to work together. Legal and HR teams should also be consulted in the process.
- Loss of device – create policies that allow IT to remotely remove all business and personal data. Establish who will be responsible for replacing a lost or stolen device. Also consider the use of mobile device management security software to encrypt and protect corporate data.
- Data backup – decide if it’s the employees’ responsibility to save their own data at specific intervals, or does IT mange it? Also, establish the best tool for backup, who makes it available and who monitors compliance?
- Data loss – be aware that it’s not possible to distinguish between company and private data during data recovery process. When a data recovery is preformed, data will simply be restored. This will also involve time-intensive separation of private and company data – meaning that privacy can’t be assured.
- Employment contract – decide on a process when an employee leaves, to ensure that company data on their private device has been deleted and that private data isn’t lost.
- IT support of BYOD – determine which applications will be supported on employee-owned devices. Decide who will manage the additional burden of technical maintenance and support issues required by multiple devices. To keep BYOD controllable, it’s probably worth restricting the range of devices permitted into an enterprise
Although the unstoppable tide of BYOD may seem daunting, with careful adoption, it will allow application availability – anytime, from anywhere, and help cut organisations’ IT procurement costs. It can also generate a positive impact on the business, in terms of improved staff motivation, morale and working efficiency.